Bug 1320347 - KRA installation: NullPointerException in ProxyRealm.findSecurityConstraints
Summary: KRA installation: NullPointerException in ProxyRealm.findSecurityConstraints
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: pki-core
Version: 7.3
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: 7.4
Assignee: Endi Sukma Dewata
QA Contact: Asha Akkiangady
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-03-22 23:48 UTC by Matthew Harmsen
Modified: 2016-11-29 01:23 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-11-29 01:23:00 UTC
Target Upstream Version:

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Matthew Harmsen 2016-03-22 23:48:53 UTC 
This bug is created as a clone of upstream ticket:
https://fedorahosted.org/pki/ticket/2226

KRA setup over LDAPS fails with a NullPointerException in ProxyRealm.findSecurityConstraints.

https://fedorahosted.org/freeipa/ticket/5570
https://www.redhat.com/archives/pki-devel/2016-February/msg00100.html

== curl ==

{{{
# curl http://master1.ipa.test:8080/ca/admin/ca/getStatus
<!DOCTYPE html><html><head><title>Apache Tomcat/8.0.26 - Error report</title><style type="text/css">H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}.line {height: 1px; background-color: #525D76; border: none;}</style> </head><body><h1>HTTP Status 500 - </h1><div class="line"></div><p><b>type</b> Exception report</p><p><b>message</b> <u></u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b></p><pre>java.lang.NullPointerException
        com.netscape.cms.tomcat.ProxyRealm.findSecurityConstraints(ProxyRealm.java:114)
        org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:496)
        org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
        org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:616)
        org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:518)
        org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1091)
        org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:673)
        org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1526)
        org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1482)
        java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
        java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
        org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
        java.lang.Thread.run(Thread.java:745)
</pre><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/8.0.26 logs.</u></p><hr class="line"><h3>Apache Tomcat/8.0.26</h3></body></html>
}}}

== journalctl ==

{{{
# journalctl -f -u pki-tomcatd
...
Mar 01 12:10:31 master1.ipa.test server[8061]: Mar 01, 2016 12:10:31 PM org.apache.catalina.core.ContainerBase backgroundProcess
Mar 01 12:10:31 master1.ipa.test server[8061]: WARNING: Exception processing realm com.netscape.cms.tomcat.ProxyRealm@65ac2207 background process
Mar 01 12:10:31 master1.ipa.test server[8061]: java.lang.NullPointerException
Mar 01 12:10:31 master1.ipa.test server[8061]: at com.netscape.cms.tomcat.ProxyRealm.backgroundProcess(ProxyRealm.java:109)
Mar 01 12:10:31 master1.ipa.test server[8061]: at org.apache.catalina.core.ContainerBase.backgroundProcess(ContainerBase.java:1127)
Mar 01 12:10:31 master1.ipa.test server[8061]: at org.apache.catalina.core.StandardContext.backgroundProcess(StandardContext.java:5554)
Mar 01 12:10:31 master1.ipa.test server[8061]: at org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1377)
Mar 01 12:10:31 master1.ipa.test server[8061]: at org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1381)
Mar 01 12:10:31 master1.ipa.test server[8061]: at org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1381)
Mar 01 12:10:31 master1.ipa.test server[8061]: at org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.run(ContainerBase.java:1349)
Mar 01 12:10:31 master1.ipa.test server[8061]: at java.lang.Thread.run(Thread.java:745)
}}}


{{{
# rpm -qa tomcat pki-ca freeipa-server
pki-ca-10.2.6-15.fc23.noarch
freeipa-server-4.3.90-0.fc23.x86_64
tomcat-8.0.26-2.fc23.noarch

}}}
Comment 1 Matthew Harmsen 2016-06-10 16:02:47 UTC 
nkinder moved the accompanying ticket:

10.3.2 ==> 10.4
Comment 2 Matthew Harmsen 2016-06-10 16:03:50 UTC 
tduehr reported in the ticket:

I'm seeing this exception in a FreeIPA server as well. KRA installation worked fine but this seems to be preventing the CMS from starting properly resulting in all CA operations to fail. Using the CA/KRA master for CA operations works without a problem.
Note You need to log in before you can comment on or make changes to this bug.